ALAS-2019-1277


Amazon Linux AMI Security Advisory: ALAS-2019-1277
Advisory Release Date: 2019-09-09 20:58 Pacific
Severity: Critical
References: CVE-2019-15846 

Issue Overview:

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.(CVE-2019-15846 )


Affected Packages:

exim


Issue Correction:
Run yum update exim to update your system.

New Packages:
i686:
    exim-greylist-4.92-1.24.amzn1.i686
    exim-pgsql-4.92-1.24.amzn1.i686
    exim-mon-4.92-1.24.amzn1.i686
    exim-4.92-1.24.amzn1.i686
    exim-debuginfo-4.92-1.24.amzn1.i686
    exim-mysql-4.92-1.24.amzn1.i686

src:
    exim-4.92-1.24.amzn1.src

x86_64:
    exim-pgsql-4.92-1.24.amzn1.x86_64
    exim-mysql-4.92-1.24.amzn1.x86_64
    exim-mon-4.92-1.24.amzn1.x86_64
    exim-greylist-4.92-1.24.amzn1.x86_64
    exim-debuginfo-4.92-1.24.amzn1.x86_64
    exim-4.92-1.24.amzn1.x86_64